1. Verify the users credentials are correct in Active Directory
2. Verify the user is logging in with the correct Domain pre-pended to their Active Directory username. Verify they have not been locked out in Active Directory for too many failed login attempts.
3. Verify that the Active Directory server configured in OAMP is the same one used by UCCE/ICM. Verify the Manager Distinguished Name has the correct Domain name as that used by the ICM Server: CN=Administrator, CN=users, DC=MYDOMAIN, DC=COM

Action Plan-2: If Domain user is not able to login to CUIC yet, do the following:

Step-1: In OAMP Active Directory configuration page, check if User Search Base has 'CN=Users' in it. This is needed except incase User Search Base is already CN=Domain Users. Try To login to CUIC with supervisor name prepended with proper domain name
Step-2: If Step-1 doesn’t work, If user is not able to login still, modify to 'CN=Domain Users' in User Search Base and try to login
Step-3: If Step-2 doesn’t work, change following
Attribute for User ID = userPrincipalName
User Search Base search base, modify to = CN=Domain Users
And then try to login to CUIC with user id as testuser@bioscripinc.net (for this to work Ldap should be configured to accept both UserPrincipleName for login)

If AD user is still not able to login

1.Login to Active directory using 'Active Directory Explorer by Microsoft' or Softerra LDAP browser
2.Navigate to the AD account name
3.Look for attribute distinguishedName, it would be something like "CN=UserName,DC=Users,DC=CompanyName,DC=COM...."
4.Copy every thing from distinguishedName except CN=UserName to 'User Search Base' element in OAMP Active directory configuration page
5.Make 'User ID Attribute' to userPrincipleName and from LDAP browser findout the userPrincipleName Attibute
Use the same thing to login to CUIC, login name would be like testuser@company.com
6.If user is not able to login to CUIC, then problem might be with Active directory LDAP authentication, then
Make 'User ID Attribute' to samAccountName and from LDAP browser find out the samAccountName Attibute
Use the same thing to login to CUIC, login name would be like 'company\testuser'